Observed attacks involving three vulnerabilities have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports Security Affairs: the recently disclosed WinRAR path traversal flaw, tracked as CVE-2025-8088; the older Microsoft Internet Explorer resource management errors issue, tracked as CVE-2013-3893; and the Microsoft Excel remote code execution bug, tracked as CVE-2007-0671.
All of the security flaws should be remediated by federal agencies by September 2, according to CISA. Intrusions exploiting CVE-2025-8088, which could facilitate arbitrary code execution, have already been launched to spread the RomCom malware in a new phishing campaign. Arbitrary code execution is also likely with the abuse of CVE-2013-3893, which was discovered by FireEye researchers to have been used in an attack campaign against organizations in Japan over a decade ago. Meanwhile, threat actors could also use CVE-2007-0671 to execute code in zero-day attacks. Organizations have been urged to assess CISA's catalog and promptly address the security issues.




